A high-severity zero-day vulnerability, CVE-2026-21385, has been discovered in an open-source Qualcomm display component used in Android devices, with evidence suggesting it is being actively exploited in limited, targeted attacks. This memory-corruption flaw, which Google's Android security team reported to Qualcomm on December 18, affects a total of 234 chipsets, according to Qualcomm's security bulletin. Google disclosed the vulnerability as part of a larger batch of 129 Android vulnerabilities addressed in a recent security update. Qualcomm notified its customers about the issue on February 2, but declined to say when the earliest known instance of exploitation occurred or how many victims there were.

Active exploitation of CVE-2026-21385 (CyberScoop, 2026) underscores the need for prompt attention from device manufacturers and users alike. While Google continues to discuss the exploitation status of this vulnerability, that status is what determines whether it warrants a patch-now or a monitor approach. The presence of this vulnerability in a widely used component like Qualcomm's display driver highlights the complexities of securing the Android ecosystem. For practitioners, this means monitoring the situation closely and applying patches as soon as they become available to prevent potential exploitation of this high-severity flaw.
Google addresses actively exploited Qualcomm zero-day in fresh batch of 129 Android vulnerabilities
Why This Matters
CVE-2026-21385 is in active discussion involving Google — exploitation status determines whether this is patch-now or monitor.
References
- CyberScoop. (2026, March 2). Google addresses actively exploited Qualcomm zero-day in fresh batch of 129 Android vulnerabilities. CyberScoop. https://cyberscoop.com/android-security-update-march-2026/